The queue for this session was huge and started outside the Moscone Center. It was interesting and well organized, but the characterization “advanced” was not very accurate. Of course you cannot give an “advanced” presentation to a crowd of hundreds, and you should give Jeremiah and Joe credit for keeping a good balance.

Here are some points that are not very trivial:

You can mess with your friends’ Google search history with simple, basic CSRF.

The OWASP servlet filter is a nice tool.

They mentioned a way to do a double cookie check, on both the body and the HTTP headers, and said that this is the way DWR works, but didn’t quite elaborate on it.

They mentioned several times that there is a wrong way and a right way to use JSON; it would have been nice to get more details, but I suppose time was an issue.

Maybe the cornerstone of JavaScript hacking is overriding Object(). This is also a nice way to do AOP.
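The two notes above are connected: the “wrong way” to use JSON is to serve sensitive data as a bare array (or any valid script) that a third-party page can load with a `<script>` tag and read by overriding Object() or Array(). The example below, added here and not taken from the session or from any project, shows the “right way” on both sides: the server wraps the payload in an object and prepends a guard prefix that makes the body a syntax error when executed as script, and the client strips the guard and uses JSON.parse, which builds plain objects without calling the overridable global constructors. The guard string, the `X-Requested-With` gate and the function names are assumptions of the example.

```javascript
// Added example: hardening a JSON endpoint against JavaScript hijacking
// and parsing the response safely on the client.

// Prefix that turns the body into a syntax error if it is ever run as a script.
const GUARD = ')]}\',\n';

// Server side: never return a bare array at the top level, and prepend the guard.
function serializeGuarded(payload) {
  const wrapped = Array.isArray(payload) ? { data: payload } : payload;
  return GUARD + JSON.stringify(wrapped);
}

// Client side: refuse bodies without the guard, then use JSON.parse (not eval).
function parseGuarded(body) {
  if (typeof body !== 'string' || !body.startsWith(GUARD)) {
    throw new Error('missing JSON guard prefix');
  }
  return JSON.parse(body.slice(GUARD.length));
}

// Only serve JSON to XHR/fetch callers that set a custom header; a <script src>
// include from another origin cannot add one.
function allowsJsonRequest(headers) {
  return (headers || {})['x-requested-with'] === 'XMLHttpRequest';
}

// Demonstrates why the guard works: parsing the body as a script must fail.
// (new Function only parses; it never executes the body.)
function guardedBodyIsScriptSafe(body) {
  try {
    new Function(body);
    return false; // parsed fine, so a <script> include could run it
  } catch (e) {
    return e instanceof SyntaxError;
  }
}

module.exports = { GUARD, serializeGuarded, parseGuarded, allowsJsonRequest, guardedBodyIsScriptSafe };
```

The guard matters for data returned to authenticated users; public data that any origin may read needs no such protection, and a `while(1);` style guard would hang rather than fail, which is why a syntactically invalid prefix is preferred here.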